2

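This is my LdapTemplate class:

    import javax.resource.spi.security.PasswordCredential;
    import org.springframework.ldap.core.LdapTemplate;
    import org.springframework.ldap.core.support.DefaultDirObjectFactory;
    import org.springframework.ldap.core.support.LdapContextSource;

    public LdapTemplate getLdapTemplete(String ldapID) {

        if (ldapID.equalsIgnoreCase(Constants.LDAP1))
        {
            // Build the template lazily on first use, then reuse it.
            if (ldapTemplate1 == null)
            {
                try
                {
                    // Look up the bind DN and password stored under the J2C alias.
                    PasswordCredential passwordCredential = j2cAliasUtility.getAliasDetails(ldapID);
                    String managerDN = passwordCredential.getUserName();
                    String managerPwd = new String(passwordCredential.getPassword());

                    // Log the bind DN only; the password must not reach the log.
                    log.info("managerDN :" + managerDN);

                    LdapContextSource lcs = new LdapContextSource();
                    lcs.setUrl(ldapUrl1);
                    lcs.setUserDn(managerDN);
                    lcs.setPassword(managerPwd);
                    lcs.setDirObjectFactory(DefaultDirObjectFactory.class);
                    lcs.afterPropertiesSet();
                    ldapTemplate1 = new LdapTemplate(lcs);

                    log.info("ldap1 configured");
                    return ldapTemplate1;
                }
                catch (Exception e)
                {
                    log.error("ldapContextCreater / getLdapTemplete / ldap1");
                    log.error("Error in getting ldap context", e);
                }
            }

            return ldapTemplate1;
        }
        // (the rest of the method is not shown in the post)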

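This is my J2CAliasUtility class. I don't know what this method is doing. What does it return?

    import java.util.HashMap;
    import java.util.Map;
    import javax.resource.spi.security.PasswordCredential;
    import javax.security.auth.callback.CallbackHandler;
    import javax.security.auth.login.LoginContext;
    import com.ibm.wsspi.security.auth.callback.WSMappingCallbackHandlerFactory;

    public PasswordCredential getAliasDetails(String aliasName) throws Exception
    {
        PasswordCredential result = null;
        try
        {
            // ----------WAS 6 change -------------
            // Name the J2C authentication alias to resolve.
            Map map = new HashMap();
            map.put(com.ibm.wsspi.security.auth.callback.Constants.MAPPING_ALIAS, aliasName); //{com.ibm.mapping.authDataAlias=ldap1}
            // JAAS login against the DefaultPrincipalMapping configuration.
            CallbackHandler cbh = (WSMappingCallbackHandlerFactory.getInstance()).getCallbackHandler(map, null);
            LoginContext lc = new LoginContext("DefaultPrincipalMapping", cbh);
            lc.login();
            // The alias's user ID and password come back as a private credential of the Subject.
            javax.security.auth.Subject subject = lc.getSubject();
            java.util.Set creds = subject.getPrivateCredentials();
            result = (PasswordCredential) creds.toArray()[0];
        }
        catch (Exception e)
        {
            log.info("APPLICATION ERROR: cannot load credentials for j2calias = " + aliasName);
            // Log the exception with its stack trace and keep it as the cause.
            log.error("Unable to get credentials", e);
            throw new RuntimeException("Unable to get credentials", e);
        }
        return result;
    }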
covener
Sagar Oza

2 Answers

3

J2C alias is a feature that encrypts the password used by the adapter to access the database. The adapter can use it to connect to the database instead of using a user ID and password stored in an adapter property.

J2C alias eliminates the need to store the password in clear text in an adapter configuration property, where it might be visible to others.

ABODE

0

It would seem that your class "J2CAliasUtility" retrieves a user name and password from a JAAS (Java Authentication and Authorization Service) authentication alias, in this case apparently looked up from LDAP. An auth alias may be configured in WebSphere Application Server as described here and here. Your code uses WebSphere security APIs to retrieve the user id and password from the given alias. More details on programmatic logins and JAAS may be found in this IBM KnowledgeCenter topic and its related topics.

F Rowe
  • So by retrieving the username and password, do you mean the login credentials of the LDAP server or the credentials of a user stored in the LDAP server? In my case there are 3 LDAP servers configured, so does this code authenticate the LDAP server and test whether they are up and running? – Sagar Oza Mar 08 '16 at 05:03
  • Your question was what does this method (J2CAliasUtility) do and what does it return. From the specified auth alias configured in the app server, the utility method retrieves the credentials of a user and returns a javax.resource.spi.security.PasswordCredential created from them (see javadoc). The remainder of your code appears to take those credentials and create an LDAP context. What your code does with the context after that can't be determined. – F Rowe Mar 08 '16 at 13:49
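
The lookup discussed above ends with `creds.toArray()[0]` on the Subject's private credentials. As an added example (not code from the post, the answers or WebSphere), this JDK-only program picks the credential by type, fails clearly when the alias yields none, and keeps the password out of log output. `AliasCredential` and `credentialFrom` are hypothetical names, and the Subject is constructed by hand in place of the `DefaultPrincipalMapping` login.

```java
import java.util.Set;
import javax.security.auth.Subject;

public class AliasCredentialDemo {
    // Hypothetical stand-in for javax.resource.spi.security.PasswordCredential,
    // which is not part of the JDK; it carries the same two fields.
    static final class AliasCredential {
        private final String userName;
        private final char[] password;
        AliasCredential(String userName, char[] password) {
            this.userName = userName;
            this.password = password.clone();
        }
        String getUserName() { return userName; }
        char[] getPassword() { return password; }
        // Keep the secret out of logs even if the object itself is logged.
        @Override public String toString() {
            return "AliasCredential[user=" + userName + ", password=***]";
        }
    }

    // Type-safe replacement for creds.toArray()[0]: ignores private credentials
    // of other types and fails with a clear message when the alias yielded none.
    static AliasCredential credentialFrom(Subject subject, String aliasName) {
        Set<AliasCredential> creds = subject.getPrivateCredentials(AliasCredential.class);
        if (creds.isEmpty()) {
            throw new IllegalStateException("No password credential for alias " + aliasName);
        }
        return creds.iterator().next();
    }

    public static void main(String[] args) {
        // Constructed Subject standing in for what lc.getSubject() returns after login().
        Subject subject = new Subject();
        subject.getPrivateCredentials().add("some other private credential");
        subject.getPrivateCredentials().add(
                new AliasCredential("cn=manager,dc=example,dc=com", "constructed-secret".toCharArray()));

        AliasCredential cred = credentialFrom(subject, "ldap1");
        System.out.println("bind DN from alias: " + cred.getUserName());
        System.out.println("credential as logged: " + cred);
        try {
            credentialFrom(new Subject(), "ldap2"); // a Subject with no credentials at all
        } catch (IllegalStateException e) {
            System.out.println("expected failure: " + e.getMessage());
        }
    }
}
```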